CVE-2024-6806

The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources. These missing checks may result in remote code execution. This affects NI VeriStand 2024 Q2 and prior versions.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:ni:veristand:*:*:*:*:*:*:*:*
cpe:2.3:a:ni:veristand:2024:q2:*:*:*:*:*:*

History

17 Sep 2024, 14:09

Type Values Removed Values Added
CPE cpe:2.3:a:ni:veristand:2024:q2:*:*:*:*:*:*
cpe:2.3:a:ni:veristand:*:*:*:*:*:*:*:*
First Time Ni
Ni veristand
References () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html - () https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/missing-authorization-checks-in-ni-veristand-gateway.html - Vendor Advisory

24 Jul 2024, 12:55

Type Values Removed Values Added
Summary
  • (es) A NI VeriStand Gateway le faltan verificaciones de autorización cuando un actor intenta acceder a los recursos del Proyecto. Estas comprobaciones faltantes pueden provocar la ejecución remota de código. Esto afecta a NI VeriStand 2024 Q2 y versiones anteriores.

22 Jul 2024, 21:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-22 21:15

Updated : 2024-09-17 14:09


NVD link : CVE-2024-6806

Mitre link : CVE-2024-6806

CVE.ORG link : CVE-2024-6806


JSON object : View

Products Affected

ni

  • veristand
CWE
CWE-862

Missing Authorization